<?php
include('config.php');
include('func/f1.php');

// username and password sent from form 
$user=$_POST['user']; 
$pwd=$_POST['pwd']; 
// To protect MySQL injection (more detail about MySQL injection)
$pwd = md5($pwd);

$sql="SELECT * FROM $tbl_name WHERE username='$user' and password='$pwd'";
$result=mysql_query($sql);

// Mysql_num_row is counting table row
$count=mysql_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row

if($count==1){
// set the cookies
$date_of_expiry = time() + 60 * 60 * 24 * 14 ;
$sid = getRS(14);
$time = time();
setcookie( "sid", $sid, $date_of_expiry );
setcookie( "checklog", $user, $date_of_expiry );
mysql_query("INSERT INTO `cookies` (`id`, `user`, `sid`, `date`) VALUES('', '$user', '$sid', '$time') ") or die(mysql_error());  

// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("user");
session_register("pwd"); 
header("location:index.php");
}
else {
$error = urlencode("Username or password incorect!");
header("location:index.php?log=$error");
}
?>
